JupiterOne AI capabilities
JupiterOne AI provides several capabilities that help you work with your security data more efficiently. This page covers how to use each capability and provides tips for getting the best results.
AI Chatbot
The AI Chatbot provides a conversational interface for interacting with your JupiterOne data. You can ask questions about your security posture, investigate assets, explore relationships, and get answers in natural language.
Using the AI Chatbot
- Select the Conversations icon in the JupiterOne navigation.
- Enter your question in the chat input field.
- The chatbot processes your question, and may execute J1QL queries on your behalf to gather relevant data.
- Review the response, which includes both the answer and any queries that were run.
The chatbot maintains conversation context within a session, so you can ask follow-up questions without repeating background information.
Chat conversations are not persisted between sessions. If you close or navigate away from the chat, the conversation history is not retained.
Example prompts
- "What are my most critical unpatched vulnerabilities?"
- "Show me all AWS S3 buckets that are publicly accessible"
- "Which users have admin access to production environments?"
- "How many new assets were added in the last 7 days?"
- "What integrations are currently failing?"
Be specific in your questions. Instead of "What is my security posture?" try "What are my open critical vulnerabilities that have been unpatched for more than 30 days?" The more context you provide, the more accurate the response.
Providing feedback
Each chatbot response includes feedback options. Use these to indicate whether a response was helpful. Your feedback helps improve the accuracy of future responses.
Natural language search
Natural language search converts your plain text questions into JupiterOne Query Language (J1QL), so you can find information without needing to know query syntax.
Using natural language search
- Enter your question in the search bar in the upper right corner of the JupiterOne navigation ribbon, or on the JupiterOne Homepage.
- Press Enter.
- JupiterOne AI returns a suggested J1QL query based on your question.
- Review the generated query. You can edit it before running if needed.
- Press Enter again to execute the query.
If you want to write J1QL directly, start your input with FIND and the search bar recognizes your intent to write J1QL.
Example queries
| Natural language question | Generated J1QL |
|---|---|
| "What new S3 buckets were created in the last week?" | FIND aws_s3_bucket WITH createdOn > date.now-7days |
| "Show me all IAM users created in the last week" | FIND aws_iam_user WITH createdOn > date.now-7days |
| "Which EC2 instances are running without encryption?" | FIND aws_instance THAT !USES aws_kms_key |
Natural language search generates queries based on JupiterOne's data model. The generated query may not always match your exact intent — review and edit the query before running it for best results.
Tips for better results
- Be specific about time ranges. "Recently" is ambiguous — use "in the last 7 days" or "since January" instead.
- Use entity names when you know them. "AWS S3 buckets" generates better results than "storage."
- Ask one question at a time. Complex multi-part questions may not translate well into a single query.
- Review the generated query. Edit the J1QL if the AI misinterpreted your intent before running it.
AI Entity Summary
AI Entity Summary generates a human-readable explanation of any entity in your JupiterOne graph. Instead of reading through raw properties, you get a concise summary that highlights what the entity is and any noteworthy attributes.
Using AI Entity Summary
- Navigate to any entity detail page in JupiterOne.
- The AI-generated summary appears automatically, providing a 50-100 word description of the entity.
The summary includes:
- What the entity is and its role in your environment
- Notable properties or configurations
- Any unusual or noteworthy attributes that may require attention
Example
For an AWS EC2 instance, the summary might read:
This is a production Linux EC2 instance (t3.large) running in us-east-1a. It was launched 45 days ago and is currently running. The instance has a public IP address assigned and is associated with a security group that allows inbound SSH from 0.0.0.0/0, which may warrant review.
AI Remediation Recommendations
AI Remediation Recommendations provide step-by-step guidance for resolving vulnerabilities identified in your environment. The recommendations are tailored to the specific vulnerability, affected assets, and the integration source that detected the issue.
Using AI Remediation Recommendations
- Navigate to a vulnerability in JupiterOne.
- Remediation recommendations are generated automatically.
- Review the generated guidance, which includes:
- Recommended actions — numbered, actionable remediation steps
- Vulnerability details — CVSS score, EPSS percentile, exploit maturity
- Affected assets — grouped by type and source integration
- Cautions — safety warnings and testing recommendations
What the recommendations include
AI Remediation Recommendations are context-aware and vary based on how the vulnerability was detected:
- SBOM-sourced vulnerabilities: Package manager commands (npm, pip, maven, apt, yum) with specific version upgrade targets
- AWS Inspector findings: AWS Systems Manager Patch Manager procedures or OS-level patching commands
- Endpoint detection (CrowdStrike, Tenable, Qualys): Standard OS update procedures and patch deployment guidance
- General vulnerabilities: Vendor advisory monitoring, defense-in-depth measures, and compensating controls
Always test remediation steps in a non-production environment before applying them to production systems. Verify that the recommended actions are applicable to your specific configuration before proceeding.
Tips for using remediation recommendations
- Check the affected asset list. The recommendations are based on a sample of affected entities — verify applicability across your full environment.
- Review version-specific guidance. When upgrade targets are provided, confirm the target version is compatible with your application dependencies.
- Use the urgency indicators. Vulnerabilities with active exploits (KEV catalog, public exploits) should be prioritized.
AI Control Authoring
AI Control Authoring helps you create and complete compliance control documentation. When authoring controls in JupiterOne, the AI can generate descriptions, remediation steps, and exception processes based on the control context you provide.
Using AI Control Authoring
- Navigate to Compliance > Controls.
- Create or edit a control.
- Use the AI assist option to generate content for fields such as:
- Control description — a clear explanation of what the control requires
- Remediation steps — guidance for addressing control failures
- Exception process — documentation for handling exceptions to the control
- Review and edit the generated content before saving.
Tips for control authoring
- Provide a clear control name and identifier. The more context the AI has about the control's purpose, the better the generated content.
- Specify the framework context. Indicate which compliance framework (SOC 2, ISO 27001, CIS) the control relates to for more relevant output.
- Review and customize. AI-generated control content is a starting point — always review and adjust to match your organization's specific policies and terminology.
General tips for working with JupiterOne AI
- Start simple, then refine. Begin with straightforward questions and add detail as needed.
- Use JupiterOne terminology. Refer to entities, classes, and types using JupiterOne's data model terminology for more accurate results. For example, use "aws_instance" rather than "virtual machine."
- Provide context. Include relevant details like time ranges, specific asset types, or severity levels.
- Iterate. If the first response is not quite right, rephrase your question or provide additional context rather than starting over.